Technology is evolving at a record pace, and these emerging digital technologies are now reshaping traditional business practices. As digital technologies and related data become increasingly prevalent, it is natural that ethical concerns regarding the usage of these technologies arise, especially in situations where the ordinary citizen's private information is involved.

The hospitality industry, in particular, engages in data capturing and data storing on a mass scale. Moreover, digital payment gateways have become a necessity to serve the modern guests, making the processing of sensitive information widespread. Added to that are the increasing expectations of guests for organisations to accommodate their changing preferences. These factors raise several questions and pose a few challenges in maintaining guest relations while upholding the Corporate Digital Responsibility (CDR) in the hospitality arena.

Compliance vs Personalisation

Personal data collection is vitally important in the hospitality industry to enable companies to develop relationships with their customers (Jones and Comfort, 2021). Accenture found that 74% of consumers believed that "living profiles" with more detailed personal preferences would be useful if they were used to curate personalised experiences, products and offers. Gaining a better understanding of customer needs and preferences - or guest intimacy - can enable the delivery of personalised services that will help increase customer satisfaction, lower service costs and improve guest loyalty (Peterson, 2020).

The challenge is that in order to provide a personalised experience, hospitality organisations will have to collect and store a significant amount of personal guest information, a factor that is heavily regulated. In this regard, the most stringent guidelines come from the General Data Protection Regulation (GDPR) in effect since 2018. It imposes strict regulations on any organisation that handles the personal data of EU citizens or residents. As such, the GDPR will apply to hospitality organisations within the EU and those outside the EU if an EU citizen requests their services.

In balancing the conflicting needs of compliance and personalisation, the best approach for hospitality organisations is to be clear and transparent about their data collection. Guests must be informed of the 'when' and 'how' of personal data collection and processing. Given that most guests prefer a personalised experience, they are more likely to consent when they know that their data will only be used to provide them with a better experience.

Ensuring the security and confidentiality of the information gathered to create guest profiles is vital in regulatory compliance. Over the past few years, enterprise cloud technology has taken centre stage with an estimated adoption rate of 72% for private clouds. In choosing a cloud provider, organisations should include ethical considerations as criteria for their software selection and perform corresponding due diligence (Corporate digital responsibility, 2021). In dealing with private cloud solutions, hospitality organisations must ensure that it solely controls the information that it distributes over the cloud and maintains authorisations and access permissions effectively. Service providers like Microsoft Azure contain built-in features that guarantee enhanced security spanning network security, data encryptions and auditing processes. This can allow hospitality organisations to uphold their CDR while leveraging guest data to provide personalised experiences.

Growth of Digital Payments

Hospitality organisations must adopt and facilitate the latest guest trends in order to retain their competitive edge. This means that they must accommodate the surge of advancement in digital payments. A report from Experian in 2019 revealed that 1-in-10 millennials use their digital wallet for every purchase, and McKinsey forecasts mobile commerce to reach 70% by 2022.

However, the rise of digital payment also means an increased risk of cyber-attacks. Most of the high-profile company data breaches that occurred in the past few years have targeted POS systems. A POS or payment card attack is not an attack on the hospitality organisation directly but a third-party crime that attacks the vendor. Nonetheless, the hospitality organisation will also be victimised since the consequences of compromising the security of guest information will be severe.

Good CDR practices involve securing the information collected in every way possible, requiring hospitality organisations to secure quality standards when trying to accommodate changing guest preferences. Organisations must pay attention to security certifications such as PA-DSS when choosing vendors. The certification ensures the development of secure payment applications that do not store prohibited data. Incorporating compliant applications will be an excellent reflection of the hospitality organisation's commitment to providing the guests with an enhanced experience in line with its CDR.

The Extent of Personalisation

The next question regarding CDR and guest relations is, how much personalisation is too much personalisation? In other words, how do you identify the line between customisation and invasion of privacy? Yes, guests prefer a tailored experience, but are they more likely to be thrilled or horrified when you serve them the same drink they ordered at the bar five years ago? Also, is collecting personal data by using social media in accordance with CDR ethics?

First and foremost, hospitality organisations should acknowledge that receiving a personalised experience is a choice the guest has, not a mandate to be imposed on them by hospitality organisations. The approach to CDR and the personalisation strategies all hinge on this choice. Personalisation must be based on information the guest voluntarily provides. To this end, tailoring your guests daily fruits basket based on what they've consumed is a far better approach than going through their Instagram posts to determine their preferences.

The continuous evolution of digital technologies means that the challenges in tackling CDR while maintaining guest relations in hospitality will continue to evolve as well. Nevertheless, given the emerging regulations and privacy concerns of the modern era, hospitality organisations must frame their CDR in consideration of the new technologies, threats, and norms. Establishing a robust system that upholds the organisation's CDR will not only safeguard the reputation of hospitality organisations but also contribute towards creating a healthy digital corporate culture across the industry.

About IDS Next

Founded in 1987, IDS Next became India's largest hotel software company in its first decade of operations and Asia's largest in 2009.

Today, IDS Next is the leading provider of smart hotel software across Southeast Asia, the Indian Ocean, the Middle East, Africa, and Oceania, serving over 6,000 customers in 45 countries with $10 million in daily transactions and 300,000 daily check-ins.

With the goal to redefine the way hotels operate through smart software solutions, IDS Next has been a trusted technology partner and preferred supplier to the international hospitality industry.

From contactless check-in, front desk, guest request and housekeeping management to payroll, finance, inventory management and procurement, IDS Next's award-winning software automates and streamlines front and back-office hotel operations, making sure all departments are covered.

With an open API approach, IDS Next integrates with over 100 of the world's leading, best-in-breed technology partners to ensure hotel operations run smoothly and securely to complement a hotel's existing systems and solutions.

Available in single modules and as an all-in-one solution, IDS Next's smart hotel software is designed by hoteliers for hoteliers through the company's in-house development team comprising 135 hospitality technology professionals and supported 24/7 by 90 customer services agents in 30 languages.

With all software PA DSS certified, front-of-house solutions GDPR compliant, and the business ISO 27001 certified, IDS Next's smart software solutions are accredited, certified, and compliant with the industry's most stringent standards for data protection and security.